Nigerian banks face cybersecurity levy: Boon or burden?

Estimated reading time: 4 minutes

Nigeria’s Central Bank (CBN) has mandated all deposit money banks, payment service providers, and mobile money operators to implement a 0.5% cybersecurity levy on all electronic transactions. This directive, aimed at bolstering the country’s cybersecurity defenses, has sparked debate among industry experts and consumers alike.

The levy, effective within two weeks of the May 6th circular, will channel funds into the National Cybersecurity Fund (NCF), overseen by the Office of the National Security Adviser (ONSA). The CBN cites the “Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024” as the legal basis for the levy.

A circular from the apex bank on Monday disclosed that the implementation of the levy would start two weeks from today.

The circular was directed to all commercial, merchant, non-interest and payment service banks, among others.

The circular revealed that it was a follow-up on an earlier letter dated June 25, 2018 (Ref: BPS/DIR/GEN/CIR/05/008) and October 5, 2018 (Ref: BSD/DIR/GEN/LAB/11/023), respectively, on compliance with the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015.

The CBN said that all banks, other financial institutions and payment service providers are now required to implement the directive, saying, “The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution. The deducted amount shall be reflected in the customer’s account with the narration, ‘Cybersecurity Levy’.

“Deductions shall commence within two weeks from the date of this circular for all financial institutions and the monthly remittance of the levies collected in bulk to the NCF account domiciled at the CBN by the fifth business day of every subsequent month.”

• The top 10 Tech trends in 2024 Everyone must be ready for
• Nigerian Govt mulls stoppage of 190 taxes on businesses
• Why Tottenham Should Sell Harry Kane
• Tinubu launches expatriate employment levy 
• NDIC to compensate 182 banks’ depositors

Exempted from the levy include loan disbursements and repayments, salary payments, intra-account transfers within the same bank or between different banks for the same customer, intra-bank transfers between customers of the same bank.

Also exempted from the levy were inter-branch transfers within a bank, cheque clearing and settlements, ⁠Letters of Credits, ⁠Banks’ recapitalisation-related funding only bulk funds movement from collection accounts, savings and deposits including transactions involving long-term investments, among others.

Boosting Defenses or Burdening Consumers?

Proponents of the levy view it as a necessary step to address the growing threat of cybercrime in Nigeria. The country has witnessed a rise in fraudulent online activities, from phishing scams and identity theft to targeted attacks on financial institutions. The levy, they argue, will provide much-needed resources to strengthen cybersecurity infrastructure, invest in threat intelligence, and enhance public awareness campaigns.

Opponents, however, raise concerns about the potential impact on consumers and businesses. A 0.5% levy on every electronic transaction, including point-of-sale (POS) payments, online transfers, and mobile money transactions, could translate to increased costs for individuals and businesses that rely heavily on digital payments. Critics argue that the levy might discourage cashless transactions, a key objective of the CBN’s financial inclusion initiatives.

Questions Remain

Several key questions remain regarding the implementation and effectiveness of this levy. How will the CBN ensure transparency and accountability in the management of the NCF? Will the collected funds be directed towards tangible cybersecurity improvements? Additionally, concerns exist regarding the potential for double taxation, as some financial institutions already invest in their own cybersecurity measures.

The Road Ahead

The success of this initiative hinges on a multi-pronged approach. While the levy can contribute to bolstering cybersecurity, it should be accompanied by complementary measures. These include fostering collaboration between the public and private sectors, developing robust cybersecurity frameworks, and upskilling the workforce to address evolving cyber threats.

The CBN’s decision to impose a cybersecurity levy is a bold step towards tackling a growing concern. However, its effectiveness will depend on a transparent and well-managed implementation strategy that minimizes the burden on consumers and businesses while maximizing its impact on improving Nigeria’s overall cybersecurity posture.